nerdexam
(ISC)2

CISSP-ISSEP · Question #103

Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels?

The correct answer is B. DoD 8500.2 Information Assurance Implementation. DoD 8500.2 is correct because it is specifically the implementation directive that maps IA controls directly to the three Mission Assurance Categories (MAC I, II, III) and confidentiality levels (Classified, Sensitive, Public) - it translates policy into actionable, system-level

Governance and Training

Question

Which of the following DoD policies establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels?

Options

  • ADoD 8500.1 Information Assurance (IA)
  • BDoD 8500.2 Information Assurance Implementation
  • CDoDI 5200.40
  • DDoD 8510.1-M DITSCAP

How the community answered

(37 responses)
  • A
    3% (1)
  • B
    89% (33)
  • C
    3% (1)
  • D
    5% (2)

Explanation

DoD 8500.2 is correct because it is specifically the implementation directive that maps IA controls directly to the three Mission Assurance Categories (MAC I, II, III) and confidentiality levels (Classified, Sensitive, Public) - it translates policy into actionable, system-level controls.

Why the distractors are wrong:

  • A (DoD 8500.1) establishes the overarching IA policy and program framework - it's the "what and why," not the specific controls catalog. Think of it as the parent policy that 8500.2 implements.
  • C (DoDI 5200.40) established the original DITSCAP certification and accreditation process, not the MAC/confidentiality control framework.
  • D (DoD 8510.1-M DITSCAP) is the manual describing the C&A methodology and process steps - it's procedural, not a controls baseline.

Memory tip: The ".2" in 8500.2 stands for the second step - first you set policy (8500.1), then you implement it with specific controls (8500.2). Anytime a question mentions MAC levels + IA controls together, that's 8500.2 territory.

Topics

#DoD Policies#Information Assurance#IA Controls#MAC Levels

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice